236 matches found
CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...
bind security update
An update is available for bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain Name...
SUSE CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
EUVD-2026-34686
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
DEBIAN-CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
DEBIAN-CVE-2026-11215
Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Medium...
CVE-2026-11227
Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-11215
CVE-2026-11215 concerns an insecure/incorrect Cronet implementation in Google Chrome on Android prior to version 149.0.7827.53, enabling a remote attacker to spoof a domain via a crafted domain name. The vulnerability arises in Cronet’s domain handling and is described with a Chromium security se...
PT-2026-46741
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in Cronet allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 ...
The vulnerability of the Omnibox address bar in the Google Chrome browser on iOS operating systems allows a hacker to replace the content in the URL bar.
The vulnerability of the Omnibox address bar in Google Chrome browsers on iOS operating systems is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to replace the content in the URL bar using a specially created domain name...
EUVD-2026-20717
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
CVE-2026-5895
CVE-2026-5895 describes an incorrect security UI in the Omnibox of Google Chrome on iOS before 147.0.7727.55, allowing a remote attacker to spoof the Omnibox (URL bar) via a crafted domain name. The CVE is listed with Chromium security severity: Low. Public connected sources confirm that Chrome/C...
CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
CVE-2026-21920
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will...
CVE-2025-59029
A flaw was found in PowerDNS. This vulnerability allows an attacker to trigger an assertion failure via requesting crafted DNS Domain Name System records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY. Mitigation To mitigate this issue, restric...
CVE-2025-13636
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2025-13636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI...